This detection rule monitors changes to the session duration settings of Asana workspaces. Specifically, it triggers when the default session duration is changed to 'never', indicating that users will no longer need to re-authenticate. This setting poses a low-risk vulnerability as it may allow unauthorized access if a user remains logged in on a public or shared device. The rule checks for log entries indicating an admin event that modifies the session duration value. It captures necessary details such as the prior and new values, the actor making the change, and the context in which it occurred, ensuring comprehensive insights are available for security review. Given the severity assigned as low, it is advisable to regularly review such configurations to ensure compliance with organizational security policies.